Re: [boost] Crypto/hashes library?

On 09/07/17 16:59, Vinnie Falco via Boost wrote:

On Thu, Sep 7, 2017 at 2:50 AM, Richard Hodges via Boost wrote:

...

I think it would be reasonable to say that most people (tm) use either the openssl or CryptoCpp libraries.

I doubt either of these libraries would pass a Boost review.

They don't need to. I think a full implementation of cryptographic algorithms in Boost, while would be nice in theory, is not very feasible in practice. First, it would require a group of very skillful and active developers that keep their hand on pulse in the security and cryptography field. Vulnerabilities need to be acted upon fast, which also means that Boost release schedule doesn't suit very well for such a library. The implementation has to be robust and fast to compete with other implementations (and by fast I mean including writing assembler routines for many algorithms). Then, preferably, the implementation would have to pass an independent audit to gain some trust in users. A cryptography library in Boost is very much welcome, but, at least initially, I think, it should focus primarilly on providing proper interface that fits in C++ ecosystem well. The bulk of the work should be done by a third party implementation, like OpenSSL or gnutls or libnss or whatever the native API is on a given platform. Maybe, if the API becomes popular and the library gains momentum, it could then offer its own implementation of some algorithms, e.g. to remove external dependencies. Then the difficulties I mentioned can be tackled gradually over time.